Handled to GDPR standard

Privacy Policy

for LEI Registration Agent services provided by LEI Comply.
Effective from 15.06.2026

1. General Provisions and Data Controller

1.1. The data controller is Stellar Verity Solutions OU, a company registered in Estonia, Europe, trading as 'LEI Comply' and identified by LEI 529900EUCQM9ZZJAYA93 (the 'Registration Agent', 'we').
1.2. These Principles form an integral annex to the Terms and Conditions of Service. They are to be read together with those Terms; in the event of conflict on data-processing matters specifically, these Principles prevail.
1.3. These Principles provide an overview of how the Registration Agent processes the data of Clients.
1.4. The security of Client data and the protection of personal data are of utmost importance. The Registration Agent processes data in accordance with the EU GDPR and Estonian law and, where applicable to the Client, the UK GDPR and Data Protection Act 2018, applicable United States state privacy laws (including CCPA/CPRA), and Canada's PIPEDA and equivalent provincial legislation.

2. Data Processed and Purposes of Processing

2.1. The Registration Agent primarily processes data of legal entities, to which the GDPR does not apply. However, the GDPR applies to the data of the Client's representatives (natural persons).
2.2. Data processed: company name, registry code, legal address, data on direct and ultimate accounting consolidating parent entities (Level 2 Data), as required by GLEIF; first and last name of the Client's representative, email address, phone number, payment details excluding raw card data, and, where required to confirm the right of representation, authorisation documentation (e.g. a Power of Attorney / Letter of Authorisation). The Registration Agent verifies authorisation only and does not perform identity validation, which is reserved to the LOU/Validation Agents.
2.3. Purpose of processing: provision of the Service (registration, management, renewal, and transfer of the LEI code), communication with the Client, billing, and fulfillment of obligations arising from legislation and GLEIF requirements.
2.4. Legal bases: performance of the contract, compliance with legal and GLEIF obligations, and our legitimate interest in operating and securing the Service. Any marketing communications are sent in line with applicable marketing law (incl. ePrivacy/PECR, CAN-SPAM, CASL) and may be objected to at any time.

3. Transfer of Data to Third Parties (Incl. Disclosure)

3.1. The Issuer and GLEIF: For the purpose of providing the Service, the Registration Agent transfers the collected data to its partnering LEI Issuer (LOU), Herausgebergemeinschaft Wertpapier-Mitteilungen Keppler, Lehmann GmbH & Co. KG (LEI 5299000J2N45DDNE4Y28), located in the European Union. The Issuer forwards data to GLEIF, headquartered in Switzerland. Switzerland benefits from an EU adequacy decision, ensuring an equivalent level of data protection.
3.2. Public availability of data: The Client is aware and agrees that the objective of the LEI system is global transparency. In accordance with GLEIF rules, the Client's Legal Entity Reference Data (LE-RD) and the registration status of the LEI are publicly and freely accessible in the Global LEI Repository. The personal contact details of the Client's representative (email, phone) are not added to the public database. The personal contact details of the Client's representative (email, phone) are not added to the public database.
3.3. Data may also be processed by vetted third-party processors acting on our instructions — including payment service providers, electronic-signature providers, customer-relationship-management systems and document-storage providers — and may be disclosed to legal and financial advisors and to state authorities where required by law. Such processors are bound by data-processing agreements and are required to comply with our Terms and the GLEIF Registration Agents Governance Framework.

4. Data Retention

4.1. Records relating to the provision of the Service — including authorisation documentation, contractual documents and supporting evidence required by the Issuer (LOU) and GLEIF — are retained for a minimum of ten (10) years from the date of the most recent update to the record, or longer where required by law, consistent with the Registration Agent's records-management obligations.
4.2. Accounting source documents are retained for seven (7) years from the end of the relevant financial year under the Accounting Act. Where retention periods differ, the longest applicable period applies.

5. Rights of the Data Subject

5.1. A representative who is a natural person has the right to request access to their personal data, rectification, erasure, or restriction of processing, as well as the right to object to the processing. The right to erasure may be limited where data must be retained to comply with legal obligations.
5.2. To exercise these rights, please contact us via the email: [email protected].